Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Version History

« Previous Version 5 Next »

This page is to develop the problem statements and material to frame research on user management.

Security

  • Passwords

    • no complexity rules or regular changes (against good practice)

    • no self-reset of password (adds admin burden)

  • Multi-factor authentication (now the norm and best practice)

  • Pass-through authentication for staff should be investigated (access is simpler)

User roles

Need to be reviewed and if necessary amended.

Monitoring

  • Monitoring access by users (to ID suspicious activity)

Background and links in Confluence

User management 2018

https://hee-tis.atlassian.net/wiki/x/LgATMw

Series of meetings in 2020 to advance user management

https://hee-tis.atlassian.net/wiki/x/CQBzjg

Possible further reading

Password standards

Password administration for system owners - NCSC.GOV.UK

ID and authentication

Identity proofing and authentication - GOV.UK (www.gov.uk)

  • No labels

Slack: https://hee-nhs-tis.slack.com/
Jira issues: https://hee-tis.atlassian.net/issues/?filter=14213